The CAP project on memory protection ran from 1970 to 1977. It was based on capabilities implemented in hardware, under M. Wilkes and R. Needham, with D. Wheeler responsible for the implementation. R. Needham was awarded a BCS Technical Award in 1978 for the CAP (Capability Protection) Project.

The CAP was designed such that any access to a memory segment or hardware required that the current process held the necessary capabilities.

Archive photo from 1979, showing the inside of the machine and its connection to the Cambridge Ring.

The 32-bit processor featured microprogramming control, two 256-entry caches, a 32-entry write buffer and the capability unit itself, which had 64 registers for holding evaluated capabilities. Floating point operations were available using a single 72-bit accumulator. The instruction set featured over 200 instructions, ranging from basic ALU and memory operations to capability- and process-control instructions.

Instead of the programmer-visible registers used in Chicago and Plessey System 250 designs, the CAP would load internal registers silently when a program defined a capability.[2] The memory was divided into segments of up to 64K 32-bit words. Each segment could contain data or capabilities, but not both. Hardware was accessed via an associated minicomputer.
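The access rule described in the two paragraphs above, as an added illustrative model in C (not the CAP's hardware design or any code from the project): segments are typed as either data or capability, a process holds (segment, rights) capabilities, and every load or store is checked against them before it touches memory. The segment size, the rights encoding and all names here are assumptions for the model.

```c
#include <stdbool.h>
#include <stdint.h>

#define MAX_SEGS  8
#define MAX_CAPS  8
#define SEG_WORDS 16   /* toy size; a CAP segment held up to 64K 32-bit words */

enum seg_kind { SEG_DATA, SEG_CAP };      /* a segment holds data or capabilities, never both */
enum right    { R_READ = 1, R_WRITE = 2 };

struct segment    { enum seg_kind kind; uint32_t words[SEG_WORDS]; };
struct capability { int seg; unsigned rights; };   /* (segment, rights) pair held by a process */
struct process    { struct capability caps[MAX_CAPS]; int ncaps; };

static struct segment segs[MAX_SEGS];
/* Every access is mediated: the process must hold a capability for the segment that
   carries the requested right, the offset must be in range, and ordinary loads and
   stores may only touch data segments, so capabilities cannot be forged by data writes. */
bool access_ok(const struct process *p, int seg, unsigned off, unsigned right) {
    if (seg < 0 || seg >= MAX_SEGS || off >= SEG_WORDS) return false;
    if (segs[seg].kind != SEG_DATA) return false;
    for (int i = 0; i < p->ncaps; i++)
        if (p->caps[i].seg == seg) return (p->caps[i].rights & right) == right;
    return false;   /* no capability held for this segment */
}

bool read_word(const struct process *p, int seg, unsigned off, uint32_t *out) {
    if (!access_ok(p, seg, off, R_READ)) return false;
    *out = segs[seg].words[off];
    return true;
}

bool write_word(const struct process *p, int seg, unsigned off, uint32_t v) {
    if (!access_ok(p, seg, off, R_WRITE)) return false;
    segs[seg].words[off] = v;
    return true;
}

/* Constructed scenario: seg 0 read-only, seg 1 read/write, seg 2 no capability held,
   seg 3 a capability segment for which the process holds full rights. */
void setup_demo(struct process *p) {
    for (int i = 0; i < MAX_SEGS; i++) segs[i].kind = SEG_DATA;
    segs[3].kind = SEG_CAP;
    segs[0].words[5] = 0xCAFE;
    p->ncaps = 3;
    p->caps[0] = (struct capability){0, R_READ};
    p->caps[1] = (struct capability){1, R_READ | R_WRITE};
    p->caps[2] = (struct capability){3, R_READ | R_WRITE};
}
```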

All procedures constituting the operating system were written in ALGOL 68C, although a number of other closely associated protected procedures - such as a paginator - were written in BCPL.[3]

The CAP first became operational in 1976. A fully functional computer, it featured a complete operating system, file system, compilers, and so on. The OS used a process tree structure, with an initial process called the "Master coordinator". This removed the need for separate modes of operation, as each process could directly access the resources of its children. In practice, only two levels were ever used during the CAP's operation.[4]